ch 10: Information Systems Security

Question 1

what is the goal of information systems security

Answer 1

-it is really about trade offs btw security and freedom

(ex loss of freedom of choosing your own password in echnage for increased security as you are forced to create a stronger pw making it diffucult for hackers to crack)

Question 2

also a trade off of what

Answer 2

cost and risk

Question 3

what is a threat

Answer 3

a person/org that seeks to obtain or alter data or other info systems assets illegally without having the owners persmission and often without the owners knowledge

Question 4

a vulnerability is

Answer 4

an opportunity for threats to gain access to individual/org assets

Question 5

whats a safeguard

Answer 5

some measure that individuals/org take to block the threat from obtaining the asset

Question 6

what is the target

Answer 6

the asset that is desired by the threat

Question 7

what are the types of threats

Answer 7

-human error, computer crime, natural disasters

Question 8

what are the types of losss

Answer 8

-unauthroized data disclosure
-incorrect data modification
-faulty service
-denial of service
-loss of infrastructure

Question 9

unauthorized data disclosure

Answer 9

-social engineering
-pretexting
-phishing
-spoofing
- ip/email spoofing
-sniffing
-packet sniffer/analyzer
-natural disasters
-hacking

Question 10

sniffing/packet sniffers

Answer 10

a technique for intercepting computer communications. with wired networks, sniffing requires a physical connection to the network. with wireless networks, no connection is required and wardrivers are used

Question 11

war drivers

Answer 11

take computers with wireless connections through an area and search for unprotected wireless networks

Question 12

hacking

Answer 12

activities that seek to compromise digital devices, such as computers, smartphones, tablets, and even entire networks

Question 13

incorrect data modification

Answer 13

-procedures incorreclt designed or not followed
-ex increasing customers discount or incorrectly modiying employees salary
-placing incorrect data on company web site

Question 14

incorrect data modification cause

Answer 14

-improper internal controls systems
-system errors
-faulty recovery actions after a diseaster

Question 15

faulty service

Answer 15

include problems that result bc of incorrect system operation
-incorrect DM
-procedural mistakes
-programming errors
-it installation errors
-usurpation

Question 16

what is usurpation

Answer 16

when computer criminals invade a comp system and replace legitmate probles with their own, unauthorized ones that shut down legitimate applications and
substitute their own processing to spy, steal and manipulate data, or
achieve other purposes.

Question 17

denial of service (DoS)

Answer 17

human error or lack of procedures
-humans inadvertently shut down a web server or corporate gateway router by starting a computationaly intensive application

dos attacks
-malicious hacker intentionally floods a web server with millions of bogus service requests

 -computer worms create artifical traffic so legitimate traffic cannot get thru

Question 18

loss of infrastructure

Answer 18

-human accidents
-theof/terrorist events
-disgruntled/terminated employee
-natural disasters
-advanced persistent threat (APT)

Question 19

protective actions

Answer 19

-use antiservice software
-delete browser cookies
-make appropriate trade off to protect you and ur bsuiness

Question 20

current highest computer crime

Answer 20

malicious code

Question 21

how should you respond to security threats (5)

Answer 21

-create strong pw
-use multiple pw
-take security seriously
-send no valuable data via email or im
-use https at trusted, reputable vendors

Question 22

how should organizations respond to security threats

Answer 22

senior management create company wide policies
-what sensitive data will be stored
-how will data be processed
-how will data be shared with other organizations
-how can employees and others request changes to inaccurate data

Question 23

teachincal safegaurds on

Answer 23

-hardware and software

-firewalls
-identification and authorization
-malware

Question 24

data safegaurds on data

Answer 24

-passwords
-encryption
-backup and recovery

Question 25

human safeguards on procedures and people

Answer 25

-hiring
-training
-education

Question 26

identification

Answer 26

identifies the user

Question 27

authentication

Answer 27

-authenticates the user (pw)
-personal identification number, biometric authentixation such as finger prints, and single sign on

Question 28

encryption

Answer 28

process of transforming clear text into coded, unintelligible text for secure storage or communication

Question 29

key

Answer 29

string of bits used to encrypt data (unlocks message)

different for symmetric encryption and asymmetric encryption

Question 30

symmetric encryption

Answer 30

the same key is used encode and to decode

Question 31

asymmetric encryption

Answer 31

2 keys are used, 1 key encodes the message and the other key decods the message

Question 32

firewalls

Answer 32

computing device that prevents unauthorized access

-perimeter firewall sits outside the organization network

-internal firewall sits inside the network

-packet filtering firewall examines each part of messahe and determines whetehr to ket that part pass basing it off ip source and other data

Question 33

spyware and adware symptoms

Answer 33

-slow system start up
-many advertisinments
-suspicious broswer homepage changes
-suspicious changes to the taskbar

Question 34

malware symptoms

Answer 34

-viruses
-trojan horses
-worms
-spyware
-adware
-ransomeware

Question 35

malware protections

Answer 35

-antivirus and antispyware systems
-open emails only from known sources
-install software updates

Question 36

position definitions

Answer 36

-seperate duties and authorites
-determine least privledge
-document position sensitivity

Question 37

dissemination and enforcement

Answer 37

responisbility
accountability
complience

Question 38

termination

Answer 38

friendly/unfriendly

Question 39

How can human safeguards protect against security
threats?

Answer 39

Account Management
– Standards for new user accounts, modification
of account permissions, removal of unneeded
accounts

Password Management
– Users change passwords frequently

Help Desk Policies
– Provide means of authenticating users